How to Secure Your Site from Spammers


The unfortunate reality of the digital world is that, no matter how well your website is doing, it is always at risk from spammers. The moment you create a website and give visitors a proper channel to communicate with you, spammers are readying their bunkers to invade, and they quickly start shoveling content through it.

You may not think your site has anything worth being spammed for, but the fact is that websites are vulnerable to spam invasion all the time. Some days most of us receive more spam emails than real email. These annoying emails often offer dubious product deals such as doubtful financial services or promotions for prescription drugs, and sometimes one may receive invitations to pornographic websites.

Why Is My Website Under Attack?

The reasons can be many; sometimes the spammer’s intention is to leave their links behind. They make such attempts because they believe that quantity rather than quality will help them achieve their SEO ranking objectives.

The Battle Against Spam

Despite recent improvements in programs and the addition of more effective tools to our arsenal, most of us cannot escape the hazard that plagues our inboxes on a regular basis. This is because the spammers are also arming themselves with more and more stealth weapons and creative maneuvers that dodge traditional anti-spam tactics.

For an effective victory in the battle against spam, you need to analyze your weaknesses and points of excessive vulnerability and then add security layers to those fields. In most observations, spammers mostly attack comment boxes and registration or contact forms. It’s time for us to re-design our strategy, magnifying these specific fields to guarantee our triumph.

Spam prevention on comment boxes, contact or registration forms

Receiving a lot of spam comments on a WordPress blog is very irritating. Over the years, technicians have devised several ways to combat spam comments in WordPress. The common methods are to integrate Google reCAPTCHA on the comment boxes and contact forms, or to customize the registration form in a way that is difficult for spam bots to answer.

A WordPress website can simply replace the traditional comments section with an advanced one to stop spamming. But an eCommerce website, whether powered by Magento or PrestaShop, faces difficulty in managing spam. These websites may serve worldwide traffic and need to encourage customers to sign up for an account to generate more sales.

A registration form is the major source of spam on eCommerce websites, which is why they need to alter it accordingly. The Magento Customer Attributes extension is one effective tool in this regard. It allows you to add custom fields to the sign-up forms that are difficult for a spam bot to answer. Additionally, you can make certain fields mandatory so that a spam entry is stopped before it reaches the submit button.

Let’s learn some of the most valuable tips and plugins from renowned veterans to combat spam in WordPress.

Let’s go to war

Firing Cookies - The Anti-spam Grenades

Reduce comment spam using cookies. Most spam bots are automated scripts, and spammers usually don’t download images or style sheets. Install and activate the Cookies for Comments plugin so that it takes more time and irritates spammers. If a user’s browser automatically downloads these files, the plugin sets a cookie identifying them as a legitimate user.

Bunkering in Honey Pot

Use a honeypot to block spam comment bots. This technology is an effective method to trick spambots into identifying themselves. Spam bots are usually programmed to fill out all fields in a form, and a honeypot field takes advantage of that. When the honeypot field is filled in, we can reject the form as spam. The spambot gets stuck and can’t submit the form.
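The cookie check and the honeypot check described in the two sections above can be combined in one server-side filter. The following is an added example, not code from the original article or from any plugin it names; it goes slightly beyond the text by signing the cookie with an HMAC so a bot cannot simply invent it, and the secret, field name, cookie name and lifetime are hypothetical.

```python
import hashlib
import hmac
import time

# Assumptions for this sketch: the secret, field name, cookie name and
# lifetime below are hypothetical, not taken from any plugin.
SECRET = b"replace-with-a-random-server-side-secret"
HONEYPOT_FIELD = "website_confirm"   # hidden with CSS; humans leave it empty
COOKIE_NAME = "asset_seen"
MAX_AGE = 3600                       # seconds a cookie stays valid


def issue_cookie(now=None):
    """Value to set when the browser fetches the stylesheet or image."""
    ts = str(int(now if now is not None else time.time()))
    sig = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{sig}"


def cookie_is_valid(value, now=None):
    """True only for an unexpired cookie that this server signed."""
    ts, sep, sig = (value or "").partition(".")
    if not sep or not ts.isdecimal():
        return False
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    age = (now if now is not None else time.time()) - int(ts)
    return 0 <= age <= MAX_AGE


def check_submission(form, cookies, now=None):
    """Return (accepted, reasons) for one posted comment or contact form."""
    reasons = []
    if form.get(HONEYPOT_FIELD, "").strip():
        reasons.append("honeypot field was filled in")
    if not cookie_is_valid(cookies.get(COOKIE_NAME), now):
        reasons.append("asset cookie missing, forged or expired")
    return (not reasons, reasons)


# Constructed sample submissions (not real traffic).
T0 = 1_700_000_000
HUMAN = ({"comment": "Nice post", HONEYPOT_FIELD: ""},
         {COOKIE_NAME: issue_cookie(T0)})
BOT = ({"comment": "cheap pills", HONEYPOT_FIELD: "http://spam.example"}, {})

if __name__ == "__main__":
    print(check_submission(*HUMAN, now=T0 + 30))
    print(check_submission(*BOT, now=T0 + 30))
```

Rejected submissions are better held for moderation than silently dropped, since a real visitor with cookies disabled fails the cookie check too.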

Deploy Captcha Verification on the Front Lines

Add CAPTCHA verification using the WP-reCAPTCHA plugin, which enables a reCAPTCHA challenge on your comment forms. reCAPTCHA displays an image containing characters, and users need to type those characters to prove that they are human.

If you want to stop contact form spam without CAPTCHA, try reCAPTCHA as an alternative. The advantage of using reCAPTCHA is that users only need to check a box. This requires less effort from the user and is not irritating.

Remove Website URL for Effective Command and Control

Another effective way of preventing spam is removing the Website URL field from the comment form. Removing the URL field is recommended because it not only attracts spammers (both automated and human) but also invites random people who have absolutely no interest in the discussion at all.

Disguising the Enemy by Quizzes

Simple quizzes are becoming an increasingly popular way to combat contact form spam. They work by asking the user a simple question such as “Which is smaller, 3 or 9?” Bots will fail as they won’t be able to answer this question, so the contact form is protected and can only be submitted by people who enter the correct response.

To add a quiz, edit your contact form and click the Generate Tag dropdown. Paste the short code that appears below into your contact form.

Akismet - The Ultimate Warrior

Akismet has long enjoyed a reputation as the best WordPress anti-spam plugin. Not everyone knows that it not only works with Contact Form but also works well with blog comments. You do not need to download it, as it comes pre-installed with every WordPress installation. To unlock its powers, all you need to do is activate it and get an API key. Sometimes good comments get filtered as spam, but you can always recover them by going through your spam comments regularly.

Akismet does a great job in catching SPAM comments and in my tests, Akismet stopped about 70% of the Contact Form spam.

Dismantling the invaders

Adding security layers is not enough; you also have to take some protective measures, such as:

  • Disable Comments on Media Attachments. WordPress automatically creates image attachment pages where users can see an image and even leave a comment for it.
  • Disable HTML in Comments. Another handy tip to discourage links in comments is disabling HTML in comments.
  • Disable Trackbacks. A big portion of comment SPAM is trackbacks. For some blogs it is not even necessary to have trackbacks. You can choose to disable trackbacks on your entire blog, or in an individual post.
  • Turn off Comments on Old Posts. WordPress allows you to set a comment closure deadline. You can turn off comments on relatively old posts that are unlikely to receive an organic comment.

The battle against spam can never end, but it’s necessary for you to keep the defense mechanism updated and adopt new and advanced modes of protection.

Good Luck!!

Author Bio:

Simon Walker is an experienced ecommerce consultant with 7+ years of experience in the ecommerce industry. He currently works at FMEextensions, a premium Magento website development company, which provides Magento consulting services to its clients across the globe. You can reach him on Twitter and Facebook.
